Differential D15168 Diff 36845 src/applications/conpherence/controller/ConpherenceUpdateController.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/conpherence/controller/ConpherenceUpdateController.php
| Show All 10 Lines | public function handleRequest(AphrontRequest $request) { | ||||
| } | } | ||||
| $need_participants = false; | $need_participants = false; | ||||
| $needed_capabilities = array(PhabricatorPolicyCapability::CAN_VIEW); | $needed_capabilities = array(PhabricatorPolicyCapability::CAN_VIEW); | ||||
| $action = $request->getStr('action', ConpherenceUpdateActions::METADATA); | $action = $request->getStr('action', ConpherenceUpdateActions::METADATA); | ||||
| switch ($action) { | switch ($action) { | ||||
| case ConpherenceUpdateActions::REMOVE_PERSON: | case ConpherenceUpdateActions::REMOVE_PERSON: | ||||
| $person_phid = $request->getStr('remove_person'); | $person_phid = $request->getStr('remove_person'); | ||||
| if ($person_phid != $user->getPHID()) { | // This condition and one below enforces the remove_person to be | ||||
| // same as the acting_person. | |||||
| // By default all we need is to check whether the acting_person | |||||
| // can edit the room or not. | |||||
| // if ($person_phid != $user->getPHID()) { | |||||
| $needed_capabilities[] = PhabricatorPolicyCapability::CAN_EDIT; | $needed_capabilities[] = PhabricatorPolicyCapability::CAN_EDIT; | ||||
| } | // } | ||||
| break; | break; | ||||
| case ConpherenceUpdateActions::ADD_PERSON: | case ConpherenceUpdateActions::ADD_PERSON: | ||||
| case ConpherenceUpdateActions::METADATA: | case ConpherenceUpdateActions::METADATA: | ||||
| $needed_capabilities[] = PhabricatorPolicyCapability::CAN_EDIT; | $needed_capabilities[] = PhabricatorPolicyCapability::CAN_EDIT; | ||||
| break; | break; | ||||
| case ConpherenceUpdateActions::JOIN_ROOM: | case ConpherenceUpdateActions::JOIN_ROOM: | ||||
| $needed_capabilities[] = PhabricatorPolicyCapability::CAN_JOIN; | $needed_capabilities[] = PhabricatorPolicyCapability::CAN_JOIN; | ||||
| break; | break; | ||||
| ▲ Show 20 Lines • Show All 76 Lines • ▼ Show 20 Lines | if ($request->isFormPost() || ($action == ConpherenceUpdateActions::LOAD)) { | ||||
| } | } | ||||
| break; | break; | ||||
| case ConpherenceUpdateActions::REMOVE_PERSON: | case ConpherenceUpdateActions::REMOVE_PERSON: | ||||
| if (!$request->isContinueRequest()) { | if (!$request->isContinueRequest()) { | ||||
| // do nothing; we'll display a confirmation dialogue instead | // do nothing; we'll display a confirmation dialogue instead | ||||
| break; | break; | ||||
| } | } | ||||
| $person_phid = $request->getStr('remove_person'); | $person_phid = $request->getStr('remove_person'); | ||||
| if ($person_phid && $person_phid == $user->getPHID()) { | // Even though we are no longer checking for the user to be himself, | ||||
| // it is still necessary for the phid of the user to be specified | |||||
| if ($person_phid) { | |||||
| // if ($person_phid && $person_phid == $user->getPHID()) { | |||||
| $xactions[] = id(new ConpherenceTransaction()) | $xactions[] = id(new ConpherenceTransaction()) | ||||
| ->setTransactionType( | ->setTransactionType( | ||||
| ConpherenceTransaction::TYPE_PARTICIPANTS) | ConpherenceTransaction::TYPE_PARTICIPANTS) | ||||
| ->setNewValue(array('-' => array($person_phid))); | ->setNewValue(array('-' => array($person_phid))); | ||||
| $response_mode = 'go-home'; | $response_mode = 'go-home'; | ||||
| } | } | ||||
| break; | break; | ||||
| case ConpherenceUpdateActions::NOTIFICATIONS: | case ConpherenceUpdateActions::NOTIFICATIONS: | ||||
| ▲ Show 20 Lines • Show All 437 Lines • Show Last 20 Lines | |||||